University Breaches Lead Roundup

UCSF Reports Third Incident in Six Months
University Breaches Lead Roundup

In this week's breach roundup, the University of California San Francisco reports its third computer theft in six months. Also, the University of Central Oklahoma is notifying 16,000 current and former employees about a breach involving unauthorized access to information stored on a server.

See Also: Ransomware: The Look at Future Trends

UCSF Reports Third Computer Theft

The University of California San Francisco is notifying almost 10,000 patients about a breach of their personal information after several desktop computers were stolen from the UCSF Family Medicine Center at Lakeshore in early January. This is the third computer theft reported by UCSF in six months.

The stolen computers in the latest incident stored patient information that included names, dates of birth, mailing addresses, medical record numbers, health insurance ID numbers and driver's license numbers. Social Security numbers were also involved for 125 individuals.

UCSF is sending notification letters to affected patients; those individuals whose Social Security numbers were potentially exposed are being offered free credit monitoring services. UCSF says it has no evidence that there has been any attempt to access or use the information contained on the computers.

On Oct. 2, 2013, UCSF Medical Center notified 3,500 patients that certain information, including names and medical record numbers, as well as Social Security numbers for a small number of individuals, may have been compromised following the theft of an unencrypted laptop from an employee's locked car (see: Laptop Stolen from Hospital Employee).

Then on Nov. 21, 2013, UCSF reported another incident involving a personal laptop computer stolen Sept. 25 from the locked vehicle of a physician based in the Division of Gastroenterology at the UCSF School of Medicine. The laptop contained information on about 8,300 individuals.

University Breach Exposes Employee Info

The University of Central Oklahoma is notifying 16,000 current and former employees about a breach involving unauthorized access to information stored on a server.

The system, which was accessed on March 12, contained names, addresses, birth date and Social Security numbers, a university spokesperson told Information Security Media Group.

So far, the university has no evidence that an unauthorized individual has used the personal information, but it is recommending that employees place a fraud alert with one of the major credit bureaus.

When asked if impacted individuals would receive free credit monitoring services, the spokesperson said: "We are diligently looking at appropriate action as a result of this unauthorized access of one of our servers and will be making several decisions in the coming days."

Virus Moved Patient Info Into Hidden File

Valley View Hospital in Glenwood Springs, Colo., is notifying 5,400 patients that a computer virus collected and encrypted personal information into a hidden system file.

So far, the hospital says it has no evidence that the encrypted data was accessed by or transmitted to an outside entity.

The virus was discovered on some of the hospital's computers in January. An information technology forensic firm brought in to analyze the virus learned that it captured screen shots of Internet Web pages and stored the images in an encrypted, hidden folder on the Valley View Hospital system, which could have been accessed by an outside entity, according to a statement from the hospital.

On Jan. 23, the hospital shut down incoming and outgoing Internet traffic to quarantine all information. The virus was then removed from the system, the hospital says. Information stored in the encrypted folder included patients' names and, in some cases, addresses, dates of birth, telephone numbers, Social Security numbers, credit card information, admission date, discharge date and patient visit numbers.

Affected individuals are being offered free identity and credit protection services.

Case Management Service Suffers Breach

Service Coordination Inc., a Frederick, Md.-based case management services organization for Maryland residents, is notifying an undisclosed number of individuals about a breach involving unauthorized access to electronic files containing protected health information.

The Maryland Developmental Disabilities Administration electronically provides SCI personally identifiable information, according to an SCI statement.

On Oct. 30, 2013, SCI discovered that between Oct. 20 and Oct. 30, its computer systems had been hacked, the statement says. Exposed information includes names, Social Security numbers, medical assistance numbers, Medicaid and Medicaid Waiver status and reason, DDA direct service provider, demographics, and other information related to SCI's case management services.

After discovering the unauthorized access, SCI engaged a cybersecurity forensics consultant, took steps to remedy the breach and alerted DDA, the FBI and the U.S. Department of Justice. Affected individuals are being offered one year of free identity theft protection services.

Schools Closed Over Breach

Some Seattle-area Catholic schools closed on March 14 to enable staff to focus on issues tied to a data breach impacting the Seattle Archdiocese.

For example, Jim Walker, principal of O'Dea High School, issued a statement explaining the school's closure: "Given the time that the 'tax refund fraud' issue is taking to investigate/resolve, I have decided to close school. It is my hope that by closing school, staff members will have adequate time to complete the steps necessary to move toward resolving the fraud."

The breach impacts potentially thousands of individuals and stems from the compromise of an archdiocese database, according to the Seattle Times. The archdiocese has been working to pinpoint which database was breached, leaving employees or volunteers from Seattle-area parishes and chancery offices vulnerable to fraud.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network